AZURE HEROES

Azure Routing from Zero to Hero – The Basic

12/13/2020

2 Comments

 
In this post I will explain how to create a user-defined route and route your resources' traffic through it. This guide will be especially helpful if you have a network or security appliance deployed on Azure or even on-prem.
 
First of all, you have to know that Azure automatically creates a route table for each subnet within an Azure virtual network and adds system default routes to the table.
We have two main types of routes on Azure:
  1. System Route: Azure automatically creates system routes and assigns the routes to each subnet in a virtual network. You can't create system routes, nor can you remove system routes, but you can override some system routes with custom routes. Azure creates default system routes for each subnet, and adds additional optional default routes to specific subnets, or every subnet, when you use specific Azure capabilities.
  2. User-defined Route (UDR): You can create custom, or user-defined (static), routes in Azure to override Azure's default system routes, or to add additional routes to a subnet's route table. In Azure, you create a route table, then associate the route table to zero or more virtual network subnets. Each subnet can have zero or one route table associated to it.
Now, let's create a route table on Azure and route resources' traffic to the Palo Alto firewall (which I deployed earlier) through the UDR.
1- Log in to the Azure Portal
2- From Home > click Create a resource
3- Search for Route Table
4- Select it, then click Create and configure the following settings:
  • Name – Enter the route table name.
  • Subscription – Select the Azure Subscription.
  • Resource Group – Click Select existing to use an already existing resource group, or enter a unique resource group name to create a new resource group.
  • Location – Select the Azure datacenter where you want to deploy your VM. The route table must be in the same location as the virtual network and the VMs.
Now let's consider that your virtual appliance (in my case, the Palo Alto firewall) has the IP "10.11.11.9".
5- The most important parts of the route table are Subnets and Routes
6- Select the Subnet column, then click Associate
  • In the Associate subnet column, click Virtual network.
  • Select the virtual network in the Resource column.
  • In the Associate subnet column, click Subnet.
  • In the Choose subnet column, select the subnet
  • Click OK
The subnets associated with this route table are now visible in the subnets section of your route tables column.

If you have any VM running on Azure, you must restart it in order to update the route, or you can run the commands below on the VM:
netsh winsock reset
netsh int IP reset
ipconfig /flushdns

Note: After associating the subnet, your VMs might not be accessible anymore unless you disassociate the subnet, so we recommend adding the routing and testing it on a test VM, then starting to associate the subnets.

7- Now let's add a route: from the Settings column, click Routes
8- In the Routes column, click + Add
In the Add route column, configure the following settings:
  • Route name – Enter a unique route name.
  • Address prefix – Enter the destination IP address range in CIDR notation. Use 0.0.0.0/0 to create a default route, or enter the subnet range whose traffic you want to forward to the VA; here you can select the whole address space or the subnet range itself.
  • Next hop type – Select Virtual appliance.
  • Next hop address – Enter the private IP address of the firewall VM. If you are using an HA cluster, enter the IP address of the active firewall VM.
The routes you created are now visible in your route tables column.
Finally, I want you to focus on the Routes column, as it's the most important field when we talk about UDR.
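The following is an added example, not code from the original post: a small model of how a subnet's effective next hop is chosen (longest prefix match, with a user-defined route winning over a system route for the same prefix), used to list which destinations change path once the route table is associated. The VNet range 10.11.0.0/16 and the probe addresses are constructed assumptions; 10.11.11.9 is the firewall IP used in the post.

```python
import ipaddress

# Priority when two routes share the same prefix: user-defined beats system.
SOURCE_PRIORITY = {"User": 0, "Default": 1}

def system_routes(vnet_prefixes):
    """Default system routes Azure adds to every subnet (VNet space is an input)."""
    routes = [(p, "VnetLocal", None, "Default") for p in vnet_prefixes]
    routes.append(("0.0.0.0/0", "Internet", None, "Default"))
    for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10"):
        routes.append((p, "None", None, "Default"))
    return routes

def effective_next_hop(dest_ip, routes):
    """Longest-prefix match; on equal prefixes the user-defined route wins."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if ip in ipaddress.ip_network(r[0])]
    prefix, hop_type, hop_ip, source = max(
        matches,
        key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -SOURCE_PRIORITY[r[3]]),
    )
    return hop_type, hop_ip, prefix, source

def changed_destinations(probes, vnet_prefixes, udrs):
    """Return probes whose next hop changes once the route table is associated."""
    before = system_routes(vnet_prefixes)
    after = before + [(p, t, ip, "User") for p, t, ip in udrs]
    diff = {}
    for name, dest in probes.items():
        old, new = effective_next_hop(dest, before), effective_next_hop(dest, after)
        if old[:2] != new[:2]:
            diff[name] = (old[:2], new[:2])
    return diff

# Constructed sample: VNet 10.11.0.0/16 and probe addresses are assumptions;
# 10.11.11.9 is the firewall IP used in the post.
VNET = ["10.11.0.0/16"]
FIREWALL = "10.11.11.9"
PROBES = {
    "admin workstation on the Internet": "203.0.113.50",
    "VM in the same VNet": "10.11.20.4",
    "on-prem server (no gateway route)": "192.168.10.5",
}
DEFAULT_ONLY = [("0.0.0.0/0", "VirtualAppliance", FIREWALL)]
WHOLE_VNET = DEFAULT_ONLY + [("10.11.0.0/16", "VirtualAppliance", FIREWALL)]

if __name__ == "__main__":
    for label, udrs in (("0.0.0.0/0 only", DEFAULT_ONLY), ("plus VNet range", WHOLE_VNET)):
        print(label, changed_destinations(PROBES, VNET, udrs))
```

With only the 0.0.0.0/0 route, replies to a client on the Internet leave through the appliance instead of directly, which is consistent with the warning above that VMs may become unreachable after association; adding the VNet range also sends VM-to-VM traffic through the firewall.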

Let's consider that you have a vNet in a different subscription, or even on-prem: how can you forward the traffic to your virtual appliance?

I will show you an example:
Picture
By adding the routes with the subnet in the route table, you will be able to reach the virtual appliance from a different subscription or from on-prem servers.
2 Comments
Bryan
3/29/2022 02:37:16 am

Good article. Any suggestions on how you route the management interface through the VPN if you have Panorama on premise? I assume this could be UDR?

Rousan
3/30/2022 01:44:31 am

Hi Bryan,

I had configured the same for one customer before, so I have created a UDR to route all the traffic to on-prem firewalls.


    Author

    Mohammad Al Rousan is a Microsoft MVP (Azure), Microsoft Certified Solution Expert (MCSE) in Cloud Platform & Azure DevOps & Infrastructure, An active community blogger and speaker. Al Rousan has over 11 years of professional experience in IT Infrastructure and very passionate about Microsoft technologies and products.
